An Outside User Visits a Web Server on the DMZ - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Chapter 5
Configuring the Firewall Mode
Routed Mode Overview
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01

For multiple context mode, the FWSM first classifies the packet according to either a unique interface or a unique destination address associated with a context; the destination address is associated by matching an address translation in a context. In this case, the interface would be unique; the www.example.com IP address does not have a current address translation in a context.

3. The FWSM translates the real address (10.1.2.27) to the mapped address 209.165.201.10, which is on the outside interface subnet.
   The mapped address could be on any subnet, but routing is simplified when it is on the outside interface subnet.
4. The FWSM then records that a session is established and forwards the packet from the outside interface.
5. When www.example.com responds to the request, the packet goes through the FWSM, and because the session is already established, the packet bypasses the many lookups associated with a new connection. The FWSM performs NAT by translating the mapped address to the real address, 10.1.2.27.
6. The FWSM forwards the packet to the inside user.

An Outside User Visits a Web Server on the DMZ

Figure 5-2 shows an outside user accessing the DMZ web server.

[Figure 5-2: Outside to DMZ. Labels: User; Outside (209.165.201.2); FWSM; Inside (10.1.2.1); DMZ (10.1.1.1); Web Server (10.1.1.3); Dest Addr Translation 209.165.201.3 → 10.1.1.13.]
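
The inside-user packet walk described above (translate the real address to the mapped address, record the session, untranslate the reply), modelled as an added example that is not code from the Cisco guide or the FWSM itself. The class name, the security policy, the one-to-one NAT rule, the ports and the two outside addresses are assumptions; 10.1.2.27 and 209.165.201.10 are the page's own addresses.

```python
from dataclasses import dataclass, field

# Addresses from the page; WEB is a constructed stand-in for www.example.com.
REAL, MAPPED, WEB = "10.1.2.27", "209.165.201.10", "198.51.100.7"
NAT_RULES = {REAL: MAPPED}          # assumed one-to-one rule, real -> mapped


@dataclass
class FwsmModel:
    """Toy model of the routed-mode packet walk (hypothetical class)."""
    xlate: dict = field(default_factory=dict)    # mapped -> real, built on first use
    sessions: set = field(default_factory=set)   # flows as seen on the outside
    new_conn_lookups: int = 0                    # times the new-connection path ran

    def policy_permits(self, ingress, src, dport):
        # Assumed policy: inside hosts may open HTTP; outside may open nothing.
        return ingress == "inside" and src.startswith("10.1.2.") and dport == 80

    def handle(self, ingress, src, sport, dst, dport):
        """Return (egress, src, sport, dst, dport), or None if dropped."""
        # Reply path: a packet matching an established session skips the
        # new-connection lookups and has its destination untranslated.
        if ingress == "outside" and (dst, dport, src, sport) in self.sessions:
            return ("inside", src, sport, self.xlate[dst], dport)
        # New-session path: security policy is checked before anything else.
        self.new_conn_lookups += 1
        mapped = NAT_RULES.get(src)
        if mapped is None or not self.policy_permits(ingress, src, dport):
            return None
        # Translate real -> mapped, record the session, forward to the outside.
        self.xlate[mapped] = src
        self.sessions.add((mapped, sport, dst, dport))
        return ("outside", mapped, sport, dst, dport)


def walk():
    fw = FwsmModel()
    request = fw.handle("inside", REAL, 40000, WEB, 80)
    reply = fw.handle("outside", WEB, 80, MAPPED, 40000)
    # Constructed unsolicited packet from another outside host to the mapped address.
    stray = fw.handle("outside", "203.0.113.9", 80, MAPPED, 40000)
    return request, reply, stray, fw.new_conn_lookups


if __name__ == "__main__":
    for item in walk():
        print(item)
```

The reply is forwarded without touching the new-connection counter, while the unsolicited packet to the same mapped address and port is evaluated as a new session and dropped by the assumed policy.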
